BreakingNewsAlert


  • This topic is locked
4 replies to this topic

#1 Elegance

Posted 02 April 2015 - 08:48 PM

I believe BreakingNewsAlert is the only malware I have that's causing problems.  I was able to remove a lot of it, but there is a folder in my Local AppData that keeps coming back if I remove it (even after using AdwCleaner).  Any help is greatly appreciated.  Anyway, here are the FRST logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Peter (administrator) on MELVIN on 02-04-2015 20:42:37
Running from C:\Users\Peter\Downloads
Loaded Profiles: Peter (Available profiles: Peter)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Corporation) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(CA, Inc.) C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Migo\PC Backup Pro\NMSAccessU.exe
(Migo Software, Inc.) C:\Program Files (x86)\Migo\PC Backup Pro\NSENGINE.exe
() C:\Program Files (x86)\SMINST\BLService.exe
() C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F\jnss39A5.tmp
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Validity Sensors, Inc.) C:\Windows\System32\vfsFPService.exe
() C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F\nsyFEA3.tmpfs
(Useful Technology) C:\ProgramData\OuxBgjkmP\yoTdiCnIj.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Mixesoft Project) C:\Users\Peter\AppData\Local\Mixesoft\AppNHost\appnhost.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
( ) C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F\vnsi7F4F.tmp
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Useful Technology) C:\ProgramData\OuxBgjkmP\dat\ezlrfNEUjUN.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Malware (reboot)] => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [1312080 2009-09-10] (Malwarebytes Corporation)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-352679200-3127755243-3059090552-1000\...\Run: [appnhost] => C:\Users\Peter\AppData\Local\Mixesoft\AppNHost\appnhost.exe [453176 2014-08-08] (Mixesoft Project)
HKU\S-1-5-21-352679200-3127755243-3059090552-1000\...\MountPoints2: {29ecdcec-0d7e-11e3-8e4f-ea8cb563ee25} - F:\setup.exe
HKU\S-1-5-21-352679200-3127755243-3059090552-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\FRAGIL~1.SCR [203264 2011-05-25] (FIVESTAR interactive)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
HKU\S-1-5-18\...\RunOnce: [{91140000-003B-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-15] (Microsoft Corporation)
Lsa: [Notification Packages] scecli DPPWDFLT
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-352679200-3127755243-3059090552-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-352679200-3127755243-3059090552-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {0A0478A1-EF33-4719-B76E-56BB9FBAFAB6} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
SearchScopes: HKLM-x32 -> {0A0478A1-EF33-4719-B76E-56BB9FBAFAB6} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-352679200-3127755243-3059090552-1000 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-352679200-3127755243-3059090552-1000 -> {18CF827A-46D6-47DE-B2A8-B4376BB50DE3} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=374563&p={searchTerms}
SearchScopes: HKU\S-1-5-21-352679200-3127755243-3059090552-1000 -> {6D7A809F-5180-4D7B-B933-0DB3CBBEAC36} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=614363&p={searchTerms}
SearchScopes: HKU\S-1-5-21-352679200-3127755243-3059090552-1000 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-352679200-3127755243-3059090552-1000 -> {BC364A77-1EA2-BC9C-F6F5-CC73E1D83A10} URL = http://www.bing.com/search?q={searchTerms}&pc=Z133&form=ZGAIDF&install_date=20110831&iesrc={referrer:source}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: DigitalPersona Personal Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-09-29] (DigitalPersona, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-352679200-3127755243-3059090552-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-352679200-3127755243-3059090552-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0rwvj273.default
FF SearchEngineOrder.1: Secure Search
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Windows\system32\C2MP\npdivx32.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.652 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-06-22] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.652 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-06-22] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0rwvj273.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-02-24]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0rwvj273.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2013-08-22]
FF Extension: X-notifier - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0rwvj273.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-06-28]
FF Extension: NoScript - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0rwvj273.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-06-28]
FF Extension: Adblock Plus - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0rwvj273.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-28]
FF Extension: ImageTweak - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0rwvj273.default\Extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904}.xpi [2012-06-28]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2009-10-07]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-08]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKU\S-1-5-21-352679200-3127755243-3059090552-1000\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-02]
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-02]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-02]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-02]
CHR Extension: (Google Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-02]
CHR Extension: (Google Sheets) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-02]
CHR Extension: (SiteAdvisor) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-04-02]
CHR Extension: (AdBlock) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-02]
CHR Extension: (Google Wallet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-02]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR HKLM-x32\...\Chrome\Extension: [${CHROME_KEY}] - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibar.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [amaoogghainfdedboehchobemomhkcka] - C:\ProgramData\Download and Sa\amaoogghainfdedboehchobemomhkcka.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2011-08-11] (SUPERAntiSpyware.com) [File not signed]
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S3 CleanService; C:\Program Files (x86)\StompSoft\Digital File Shredder Pro\CleanService.exe [52736 2006-09-26] () [File not signed]
R2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [322624 2009-09-29] (DigitalPersona, Inc.) [File not signed]
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 ITMRTSVC; C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe [283912 2007-09-26] (CA, Inc.)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NMSAccessU; C:\Program Files (x86)\Migo\PC Backup Pro\NMSAccessU.exe [65536 2007-06-11] () [File not signed]
R2 NsEngine; C:\Program Files (x86)\Migo\PC Backup Pro\NSENGINE.exe [177544 2007-07-25] (Migo Software, Inc.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-17] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 setoxofi; C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F\jnss39A5.tmp [158720 2015-04-01] () [File not signed]
S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 vfsFPService; C:\Windows\system32\vfsFPService.exe [721712 2008-11-18] (Validity Sensors, Inc.)
R2 vfsFPService; C:\Windows\SysWOW64\vfsFPService.exe [599344 2008-11-18] (Validity Sensors, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 yoTdiCnIj; C:\ProgramData\OuxBgjkmP\yoTdiCnIj.exe [2733536 2015-04-01] (Useful Technology)
R2 xepehoku; C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F\nsyFEA3.tmpfs [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2013-08-25] (Disc Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U2 SBKUPNT; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-02 20:42 - 2015-04-02 20:43 - 00026350 _____ () C:\Users\Peter\Downloads\FRST.txt
2015-04-02 20:41 - 2015-04-02 20:41 - 02095616 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2015-04-02 20:14 - 2015-04-02 20:43 - 00000000 ____D () C:\Users\Peter\AppData\Local\BreakingNewsAlert
2015-04-02 20:10 - 2015-04-02 20:10 - 01765884 _____ () C:\Users\Peter\Documents\cc_20150402_201014.reg
2015-04-02 19:57 - 2015-04-02 19:57 - 00000000 ____D () C:\ProgramData\Browser
2015-04-02 19:32 - 2015-04-02 19:32 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-02 19:32 - 2015-04-02 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-02 19:26 - 2015-04-02 19:26 - 00002124 _____ () C:\Users\Peter\Desktop\AdwCleaner[S3].txt
2015-04-02 19:00 - 2015-04-02 19:00 - 00011847 _____ () C:\Users\Peter\Desktop\bookmarks_4_2_15.html
2015-04-01 23:02 - 2015-04-01 23:02 - 00000000 ____D () C:\Users\Peter\AppData\Local\Mixesoft
2015-04-01 21:40 - 2015-04-02 19:58 - 00000000 ____D () C:\ProgramData\NetEngine
2015-04-01 19:48 - 2015-04-01 19:48 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F
2015-04-01 19:12 - 2015-04-01 19:44 - 00000000 ____D () C:\ProgramData\OuxBgjkmP
2015-04-01 19:12 - 2015-04-01 19:12 - 00003218 _____ () C:\Windows\System32\Tasks\RPC
2015-04-01 19:11 - 2015-04-01 19:11 - 00003288 _____ () C:\Windows\System32\Tasks\Winsta Update
2015-04-01 19:11 - 2015-04-01 19:11 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Winsta
2015-04-01 19:11 - 2015-04-01 19:11 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\PDFConvert
2015-04-01 19:11 - 2015-04-01 19:11 - 00000000 ____D () C:\Users\Peter\AppData\Local\{8D270DAA-7FFB-4946-A713-C5E6CCB2473D}
2015-04-01 19:11 - 2015-04-01 19:11 - 00000000 ____D () C:\ProgramData\InstallSightSDK
2015-03-27 20:25 - 2015-03-27 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Convert Audio Free
2015-03-27 20:25 - 2015-03-27 20:25 - 00000000 ____D () C:\Program Files (x86)\Convert Audio Free
2015-03-27 20:24 - 2015-03-27 20:24 - 01699226 _____ ( ) C:\Users\Peter\Downloads\wmatomp3_setup [1].exe
2015-03-27 20:01 - 2015-04-01 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mediasoft
2015-03-27 20:01 - 2015-04-01 20:17 - 00000000 ____D () C:\Program Files (x86)\mediasoft
2015-03-25 21:22 - 2012-03-19 14:44 - 07542145 _____ () C:\Users\Peter\Documents\I'll Go Home Then, It's Warm and Has Chairs. The Unpublished Emails.epub
2015-03-24 19:53 - 2015-03-10 23:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 19:53 - 2015-03-10 23:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 19:53 - 2015-03-10 23:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 19:53 - 2015-03-10 23:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 19:53 - 2015-03-10 23:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 19:53 - 2015-03-10 23:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 19:53 - 2015-03-10 23:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 19:53 - 2015-03-10 23:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-16 23:31 - 2015-03-16 23:31 - 00000843 _____ () C:\Users\Peter\.recently-used.xbel
2015-03-14 16:39 - 2015-03-23 12:10 - 00000000 ____D () C:\Users\Peter\Documents\TurboTax
2015-03-14 16:10 - 2015-03-14 16:10 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Intuit
2015-03-14 16:07 - 2015-03-23 11:11 - 00000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-03-14 16:07 - 2015-03-14 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2014
2015-03-14 16:04 - 2015-03-14 16:04 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2015-03-14 16:01 - 2015-03-14 16:07 - 00000000 ____D () C:\ProgramData\Intuit
2015-03-10 22:07 - 2015-02-19 23:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 22:07 - 2015-02-19 23:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 22:07 - 2015-02-19 23:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 22:07 - 2015-02-19 23:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 22:07 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-10 22:07 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 22:07 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-10 22:07 - 2015-02-19 23:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-10 22:07 - 2015-02-19 22:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 22:07 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 22:07 - 2015-02-02 22:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 22:07 - 2015-02-02 22:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-10 22:07 - 2015-02-02 22:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 22:07 - 2015-02-02 22:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-10 22:07 - 2015-02-02 22:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 22:07 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 22:07 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 22:07 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 22:07 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 22:07 - 2015-02-02 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 22:07 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 22:07 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 22:07 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 22:07 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 22:07 - 2015-02-02 22:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 22:07 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 22:07 - 2015-02-02 22:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 22:07 - 2015-02-02 22:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 22:07 - 2015-02-02 22:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 22:07 - 2015-02-02 22:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 22:07 - 2015-02-02 22:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 22:07 - 2015-02-02 22:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 22:07 - 2015-02-02 22:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 22:07 - 2015-02-02 22:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 22:07 - 2015-02-02 22:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 22:07 - 2015-02-02 22:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 22:07 - 2015-02-02 22:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 22:07 - 2015-02-02 22:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 22:07 - 2015-02-02 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 22:07 - 2015-02-02 22:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 22:07 - 2015-02-02 22:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 22:07 - 2015-02-02 22:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-10 22:07 - 2015-02-02 22:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-10 22:07 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-10 22:07 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-10 22:07 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-10 22:07 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-10 22:07 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-10 22:07 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-10 22:07 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-10 22:07 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-10 22:07 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-10 22:07 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-10 22:07 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-10 22:07 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-10 22:07 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-10 22:07 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-10 22:07 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-10 22:07 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-10 22:07 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-10 22:07 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-10 22:07 - 2015-02-02 21:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 22:07 - 2014-10-31 17:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 22:07 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-10 22:07 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-10 22:06 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 22:06 - 2015-02-02 22:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 22:06 - 2015-02-02 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 22:06 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 22:06 - 2015-02-02 22:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 22:06 - 2015-02-02 22:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 22:06 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 22:06 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 22:06 - 2015-02-02 22:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 22:06 - 2015-02-02 22:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 22:06 - 2015-02-02 22:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 22:06 - 2015-02-02 22:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 22:06 - 2015-02-02 22:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 22:06 - 2015-02-02 22:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 22:06 - 2015-02-02 22:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 22:06 - 2015-02-02 22:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 22:06 - 2015-02-02 22:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 22:06 - 2015-02-02 22:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 22:06 - 2015-02-02 22:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 22:06 - 2015-02-02 22:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 22:06 - 2015-02-02 22:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 22:06 - 2015-02-02 22:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 22:06 - 2015-02-02 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 22:06 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-10 22:06 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-10 22:06 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-10 22:06 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-10 22:06 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-10 22:06 - 2015-02-02 22:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-10 22:06 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-10 22:06 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-10 22:06 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-10 22:06 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-10 22:06 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-10 22:06 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-10 22:06 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-10 22:06 - 2015-02-02 22:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-10 22:03 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 22:03 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-10 22:02 - 2015-03-06 00:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 22:02 - 2015-03-06 00:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 22:02 - 2015-03-06 00:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 22:02 - 2015-03-06 00:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 22:02 - 2015-03-06 00:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 22:02 - 2015-03-06 00:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 22:02 - 2015-03-06 00:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 22:02 - 2015-03-06 00:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 22:02 - 2015-03-06 00:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 22:02 - 2015-03-06 00:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 22:02 - 2015-03-06 00:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 22:02 - 2015-03-06 00:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 22:02 - 2015-03-06 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 22:02 - 2015-03-06 00:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 22:02 - 2015-03-06 00:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 22:02 - 2015-03-06 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 22:02 - 2015-03-06 00:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 22:02 - 2015-03-06 00:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 22:02 - 2015-03-06 00:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-10 22:02 - 2015-03-06 00:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-10 22:02 - 2015-03-06 00:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 22:02 - 2015-03-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-10 22:02 - 2015-03-06 00:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-10 22:02 - 2015-03-06 00:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-10 22:02 - 2015-03-06 00:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-10 22:02 - 2015-03-06 00:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-10 22:02 - 2015-03-06 00:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-10 22:02 - 2015-03-06 00:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-10 22:02 - 2015-03-06 00:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-10 22:02 - 2015-03-06 00:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-10 22:02 - 2015-03-06 00:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-10 22:02 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 22:02 - 2015-02-13 00:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 22:02 - 2015-01-30 18:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 22:01 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 22:01 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 21:58 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 21:58 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 21:58 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-10 21:58 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 21:58 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 21:58 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-10 21:58 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 21:58 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 21:58 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 21:58 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 21:58 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 21:58 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 21:58 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 21:58 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 21:58 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 21:58 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 21:58 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 21:58 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 21:58 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 21:58 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 21:58 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 21:58 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 21:58 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 21:58 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 21:58 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 21:58 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-10 21:58 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 21:58 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 21:58 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 21:58 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 21:58 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-10 21:58 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-10 21:58 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 21:58 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 21:58 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 21:58 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-10 21:58 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-10 21:58 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-10 21:58 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-10 21:58 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-10 21:58 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 21:58 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 21:58 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 21:58 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 21:58 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 21:58 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 21:58 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-10 21:58 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 21:58 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 21:58 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 21:58 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 21:58 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-10 21:58 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 21:58 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 21:58 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 21:58 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 21:58 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 21:58 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 21:58 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 21:55 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 21:55 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-05 19:13 - 2015-03-05 19:13 - 00000014 _____ () C:\Users\Peter\Documents\sharepoint.txt
2015-03-03 22:34 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 22:34 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 22:34 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 22:34 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-02 20:42 - 2012-02-12 14:49 - 00000000 ____D () C:\FRST
2015-04-02 20:37 - 2010-03-05 16:54 - 01153476 _____ () C:\Windows\WindowsUpdate.log
2015-04-02 20:36 - 2011-08-18 12:34 - 00000000 ___HD () C:\Users\Peter\AppData\Local\Eastman Kodak Company
2015-04-02 20:08 - 2014-09-05 06:36 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Azureus
2015-04-02 20:08 - 2014-08-21 22:57 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\uTorrent
2015-04-02 20:08 - 2011-06-04 02:22 - 00000000 ____D () C:\Windows\Minidump
2015-04-02 20:08 - 2010-06-15 21:52 - 00000000 ___HD () C:\Users\Peter\AppData\Roaming\Media Player Classic
2015-04-02 20:08 - 2010-03-05 18:00 - 00000000 ____D () C:\Windows\Panther
2015-04-02 20:08 - 2009-08-27 07:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-02 20:00 - 2010-03-05 16:04 - 00016400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-02 20:00 - 2010-03-05 16:04 - 00016400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-02 19:57 - 2012-09-17 14:06 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-02 19:57 - 2012-04-03 06:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-02 19:31 - 2012-11-26 14:44 - 00000000 ____D () C:\Users\Peter\AppData\Local\Deployment
2015-04-02 19:29 - 2011-08-18 12:30 - 00000000 ____D () C:\ProgramData\Kodak
2015-04-02 19:29 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-02 19:27 - 2014-09-09 18:19 - 00000000 ____D () C:\AdwCleaner
2015-04-01 23:25 - 2009-02-06 09:38 - 00000000 ____D () C:\ProgramData\Temp
2015-04-01 23:00 - 2009-07-14 00:13 - 00874178 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 19:09 - 2013-08-29 16:30 - 00124712 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-03-25 21:25 - 2009-09-08 20:22 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\U3
2015-03-25 21:12 - 2014-12-10 19:13 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 21:12 - 2014-08-03 16:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-23 11:11 - 2013-09-03 08:02 - 00124712 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-03-20 04:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-03-17 20:51 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-16 23:31 - 2010-03-05 16:07 - 00000000 ____D () C:\Users\Peter
2015-03-16 23:31 - 2009-08-11 13:38 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\gtk-2.0
2015-03-16 23:31 - 2009-08-11 01:31 - 00000000 ___HD () C:\Users\Peter\.gimp-2.6
2015-03-16 22:28 - 2013-10-02 09:41 - 00767127 _____ () C:\Users\Peter\.xdmlist
2015-03-16 22:28 - 2013-10-02 09:41 - 00001855 _____ () C:\Users\Peter\.xdmconf
2015-03-16 22:24 - 2013-10-02 09:39 - 00000594 _____ () C:\Users\Peter\link.vbs
2015-03-15 08:57 - 2009-07-13 23:45 - 00444888 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-14 06:13 - 2012-09-17 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-11 21:13 - 2014-09-05 06:36 - 00001848 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-03-11 21:13 - 2014-09-05 06:36 - 00000000 ____D () C:\Program Files (x86)\Vuze
2015-03-11 21:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 21:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 00:23 - 2009-08-07 21:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 00:23 - 2006-11-02 07:34 - 00000368 _____ () C:\Windows\win.ini
2015-03-11 00:15 - 2013-08-17 09:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 00:09 - 2010-03-10 14:02 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-04 20:09 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\tracing
2015-03-03 08:17 - 2010-08-16 14:14 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2009-08-23 16:05 - 2009-08-23 16:05 - 0029216 ____H () C:\Users\Peter\AppData\Roaming\UserTile.png
2010-03-05 17:03 - 2010-03-05 17:03 - 0000000 ____H () C:\Users\Peter\AppData\Local\AtStart.txt
2010-03-20 11:04 - 2012-04-18 07:56 - 0056320 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-03-05 17:03 - 2010-03-05 17:03 - 0000000 ____H () C:\Users\Peter\AppData\Local\DSwitch.txt
2010-03-05 17:03 - 2010-03-05 17:03 - 0000000 ____H () C:\Users\Peter\AppData\Local\QSwitch.txt
2010-03-15 07:50 - 2011-05-08 15:42 - 0007533 _____ () C:\ProgramData\hpzinstall.log
2015-03-14 16:07 - 2015-03-23 11:11 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Files to move or delete:
====================
C:\Users\Peter\desktop_shortcut.vbs
C:\Users\Peter\link.vbs
C:\Users\Peter\programs_shortcut.vbs
C:\Users\Peter\xdm-main-reg-bak.reg
 
 
Some content of TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\i4jdel0.exe
C:\Users\Peter\AppData\Local\Temp\Quarantine.exe
C:\Users\Peter\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-20 04:13
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Peter at 2015-04-02 20:44:06
Running from C:\Users\Peter\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-352679200-3127755243-3059090552-1000\...\uTorrent) (Version: 3.4.2.33080 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.10 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0910-000001000000}) (Version: 9.10.00.0 - Igor Pavlov)
ACL Desktop Education Edition (HKLM-x32\...\{C424D5B8-BDE9-48FD-805E-FF276FCC76DF}) (Version: 9.0.0.243 - ACL Software)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 6.2.3.10 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
Arena (ArenaSetup 1.4) (HKLM-x32\...\ArenaSetup_is1) (Version:  - Bethesda Softworks)
Braid (Version 1.015) (HKLM-x32\...\Braid_is1) (Version:  - )
Business Contact Manager for Microsoft Outlook 2010 (HKLM-x32\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
Business Contact Manager for Microsoft Outlook 2010 (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
CA Pest Patrol Realtime Protection (HKLM-x32\...\{F05A5232-CE5E-4274-AB27-44EB8105898D}) (Version: 001.001.0034 - Computer Associates Inc.)
Castlevania & Contra (HKLM-x32\...\{6818E2F8-132B-4A68-94EA-CDC8B8132CD4}) (Version:  - )
Cave Story Deluxe (HKLM-x32\...\Cave Story Deluxe) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
center (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Content Manager Assistant for PlayStation® (HKLM-x32\...\{81AD22B9-C28A-45a3-94B3-5FECD221AD5C}) (Version: 3.10.7525.4 - Sony Computer Entertainment Inc.)
Convert Audio Free WMA to MP3 version 1.0 (HKLM-x32\...\Convert Audio Free WMA to MP3_is1) (Version: 1.0 - )
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Creative System Information (HKLM-x32\...\SysInfo) (Version:  - )
Creative ZEN (HKLM-x32\...\{4BC4FDB7-5745-48CF-896F-7029CC183842}) (Version: 1.0 - )
Crystal Reports 2008 Runtime SP1 (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2326 - CyberLink Corp.)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DigitalPersona Personal 4.11 (HKLM\...\{3F5D0650-63D7-4850-A87E-9A934962511C}) (Version: 4.11.3805 - DigitalPersona, Inc.)
essentials (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FRAGILE walking ????????? (HKLM-x32\...\FRAGILE walking) (Version:  - )
GIMP 2.6.6 (HKLM-x32\...\WinGimp-2.0_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Half-Life (HKLM-x32\...\Half-Life) (Version:  - )
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Active Support Library (HKLM-x32\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.3.0 - Hewlett-Packard Company)
HP Integrated Module with Bluetooth wireless technology 6.0.1.6204 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6204 - HP)
HP Total Care Setup (HKLM-x32\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
HP User Guides 0115 (HKLM-x32\...\{834903BF-7B6E-4C97-891C-AC1AECA91CEC}) (Version: 1.04.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6047.5 - IDT)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.670 - Oracle)
Java™ 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
JMicron JMB38X Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.20.07 - JMicron Technology Corp.)
K-Lite Codec Pack 9.8.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.8.0 - )
K-Lite Mega Codec Pack 9.8.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.0 - )
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1118 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1118 - CyberLink Corp.) Hidden
LightScribe System Software  1.14.17.1 (HKLM-x32\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM-x32\...\Office14.PRJPROR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{BA4DA261-CB60-4690-B202-44998DFC6986}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Migo PC Backup Pro (HKLM-x32\...\{096DB339-E0F0-4C18-BB50-23F4C784584E}) (Version: 8.0.18.0 - Migo Software, Inc.)
Migo Recover Lost Data (HKLM-x32\...\Migo Recover Lost Data3) (Version: 3 - Migo)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4.0 redistributable (HKLM-x32\...\{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}) (Version: 4.0.0.0 - SAP)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Pazera Free Audio Extractor 1.4 (HKLM-x32\...\{6899C238-3E4A-4A04-B251-A0C9EDC7EDBC}_is1) (Version: 1.4 - Jacek Pazera)
Peachtree Complete Accounting 2010 (HKLM-x32\...\Peachtree Complete Accounting) (Version:  - )
Planescape - Torment (HKLM-x32\...\{0A053D60-9267-11D5-8A2B-0050DA8B7D89}) (Version:  - )
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Port Forward Network Utilities 2.0.1 (HKLM-x32\...\Port Forward Network Utilities) (Version: 2.0.1 - Portforward.com)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Septerra Core (HKLM-x32\...\Septerra Core) (Version:  - )
Service Pack 1 for SQL Server 2008 (KB968369) (HKLM-x32\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 4.6 (HKLM-x32\...\SpywareBlaster_is1) (Version: 4.6.0 - Javacool Software LLC)
Sql Server Customer Experience Improvement Program (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StompSoft Digital File Shredder Pro (HKLM-x32\...\StompSoft Digital File Shredder Pro) (Version:  - )
StompSoft Digital Vault (HKLM-x32\...\StompSoft Digital Vault) (Version:  - )
StompSoft Recover Lost Data (HKLM-x32\...\Recover Lost Data3) (Version: 3 - StompSoft Inc. )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1144 - SUPERAntiSpyware.com)
Swiff Player 1.7.2 (HKLM-x32\...\Swiff Player_is1) (Version: 1.7.2 - GlobFX Technologies)
To the Moon (HKLM-x32\...\To the Moon) (Version: 1.0 - Freebird Games)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Validity Sensors software (HKLM\...\{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}) (Version: 2.8.109 - Validity Sensors, Inc.)
vcredist_x86 (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 1.0.0 - SAP)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 1.0.3 (HKLM-x32\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.9.8 - Shark007)
Windows Driver Package - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0) (HKLM\...\07B260955637F1FF7587ED2AA87459040DD09BF7) (Version: 09/04/2008 2.6.0.0 - ENE)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version:  - )
WinPatrol (HKLM\...\{007811BF-E310-4285-BFC6-55DB29B3EDDE}) (Version: 24.1.2012 - BillP Studios)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Ys Origin (HKLM-x32\...\Steam App 207350) (Version:  - Falcom)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
08-12-2014 19:41:48 Windows Update
09-12-2014 23:53:44 Windows Update
11-12-2014 21:50:56 Windows Update
15-12-2014 01:09:31 Windows Update
18-12-2014 00:43:53 Windows Update
27-12-2014 07:24:02 Windows Update
03-01-2015 17:19:14 Windows Update
19-01-2015 19:27:14 Windows Update
19-01-2015 23:49:17 Windows Update
23-01-2015 01:24:48 Windows Update
27-01-2015 22:17:10 Windows Update
31-01-2015 23:19:19 Windows Update
05-02-2015 21:05:43 Windows Update
09-02-2015 19:26:31 Windows Update
11-02-2015 04:01:19 Windows Update
11-02-2015 20:54:33 Windows Update
14-02-2015 21:17:24 Windows Update
17-02-2015 22:15:39 Windows Update
20-02-2015 22:29:21 Windows Update
25-02-2015 00:33:26 Windows Update
28-02-2015 09:28:07 Windows Update
04-03-2015 02:01:10 Windows Update
07-03-2015 23:59:39 Windows Update
11-03-2015 00:04:10 Windows Update
11-03-2015 21:35:41 Revo Uninstaller's restore point - Pro PC Cleaner
14-03-2015 16:04:46 Installed TurboTax 2014 wrapper
14-03-2015 22:37:20 Windows Update
18-03-2015 23:27:18 Windows Update
22-03-2015 13:23:53 Windows Update
23-03-2015 11:12:02 Installed TurboTax 2014 wiliper
24-03-2015 22:45:21 Windows Update
29-03-2015 10:57:58 Windows Update
01-04-2015 19:44:24 Revo Uninstaller's restore point - Reg Pro Cleaner version 2.0
01-04-2015 19:52:27 Revo Uninstaller's restore point - Remote Desktop Access (VuuPC)
01-04-2015 19:56:51 Revo Uninstaller's restore point - News Alert
01-04-2015 20:00:26 Revo Uninstaller's restore point - Commercial Plug-in
01-04-2015 20:04:30 Revo Uninstaller's restore point - Time Page
01-04-2015 20:09:43 Revo Uninstaller's restore point - Comical 0.8
01-04-2015 20:13:36 Revo Uninstaller's restore point - Free Convert MP3 to WMA Express 2.0.1
01-04-2015 20:17:29 Revo Uninstaller's restore point - Start Menu Read
01-04-2015 20:20:54 Revo Uninstaller's restore point - DocToPDFConverter
01-04-2015 23:01:52 Installed AppNHost 1.0.5.1
01-04-2015 23:36:04 Windows Update
02-04-2015 19:01:01 Revo Uninstaller's restore point - Google Chrome
02-04-2015 19:22:59 Revo Uninstaller's restore point - Google Chrome
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {09550FB1-5C11-4E8B-B7D1-8D573B33A3ED} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-352679200-3127755243-3059090552-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {1B804497-8406-4B6B-8B44-C721FB604465} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {1BF10291-5D06-4765-8CA5-8A234A0BC091} - System32\Tasks\{4A4BF775-C5B6-494E-88FB-999591864D21} => pcalua.exe -a "C:\Program Files (x86)\MpcStar\Codecs\QuickTime\QTSystem\quicktime.cpl"
Task: {43A82CDC-C177-4C7A-BE8D-4A5097B2C40C} - System32\Tasks\{74B6520F-B22F-47CE-98FD-E9E7BBC6252C} => pcalua.exe -a "C:\Program Files (x86)\ComcastUI\Desktop Software\bin\kui.exe" -d "C:\Program Files (x86)\ComcastUI\Desktop Software\bin\"
Task: {4E6CF8A7-D6E7-4201-B391-64BAAB52341D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: {54B0BA6B-E9CA-4573-90F6-63903B762547} - System32\Tasks\Winsta Update => C:\Users\Peter\AppData\Roaming\Winsta\bin\Winsta.exe [2015-01-29] ()
Task: {5516D460-1D95-434F-A256-A4E4F4F7F520} - System32\Tasks\{B3BD51B3-948D-4A6F-97A2-148C10970DF2} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" -c /z-uninstall /zMS
Task: {59D466B7-4933-492B-9298-F1813943BB60} - System32\Tasks\{C0EFB8D9-26FF-478E-AA33-1FD750275654} => pcalua.exe -a E:\langsel.exe -d E:\
Task: {5DA2D00B-123A-482C-B7C6-A10372DB426B} - System32\Tasks\{DCC48674-7761-43D2-9876-1ACB330721E6} => pcalua.exe -a "C:\Program Files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe"
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {83135B7A-1BE0-4C34-8B01-10AB787F95ED} - System32\Tasks\{192A30E1-AF86-4B8E-A981-56F72C6F8028} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{67626E09-5366-4480-8F1E-93FADF50CA15}\setup.exe" -c /z-uninstall
Task: {86E9C1A8-6A1A-4189-8E18-857ABFBD66E9} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {903622B6-43D5-4544-A9E0-0E83B91771FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: {B1942132-359B-49AE-A06C-0455A02522DE} - System32\Tasks\RPC => C:\Program Files (x86)\Reg Pro Cleaner\Regprocleaner.exe
Task: {B8EE165C-E52D-4C49-8A55-C6A851B367E1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BB8242D3-DC45-40C6-A48F-25ABD9CF27C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {BC8B3A99-D62E-44C8-B159-59636CEA0BDA} - System32\Tasks\{2CB2FB70-50EE-43F3-9703-427535225A00} => pcalua.exe -a C:\Users\Peter\Documents\VMOnline.exe -d C:\Users\Peter\Documents
Task: {C1499069-7FFB-46B3-B98D-0ED6DE8C39CD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-352679200-3127755243-3059090552-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {C87C9698-C95F-4F60-A4BE-424EA03B23E8} - System32\Tasks\{176542A6-CCB8-4D3C-A213-39B5A67CAD35} => pcalua.exe -a C:\Users\Peter\Documents\vlc-1.0.3-win32.exe -d C:\Users\Peter\Documents
Task: {E0BD0AC2-7F30-4EE0-AF09-C534731D91E7} - System32\Tasks\{06E336CE-C1C7-43C6-B0FE-D06F6CCF4F88} => pcalua.exe -a C:\Users\Peter\Desktop\Comcast_Desktop_Software_techpc.exe -d C:\Users\Peter\Desktop
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2007-06-11 09:31 - 2007-06-11 09:31 - 00065536 _____ () C:\Program Files (x86)\Migo\PC Backup Pro\NMSAccessU.exe
2009-02-06 11:15 - 2008-12-17 19:11 - 00365952 _____ () C:\Program Files (x86)\SMINST\BLService.exe
2015-04-01 19:48 - 2015-04-01 19:48 - 00158720 _____ () C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F\jnss39A5.tmp
2015-04-01 19:48 - 2015-04-01 19:48 - 00208384 _____ () C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F\nsyFEA3.tmpfs
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-10-11 20:22 - 2009-06-02 01:15 - 00051200 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2009-02-06 11:15 - 2008-12-17 19:11 - 00132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll
2009-09-05 11:14 - 2007-02-12 11:36 - 00831200 _____ () C:\Program Files (x86)\StompSoft\Digital Vault\Vault.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-04-02 19:32 - 2015-03-30 16:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-02 19:32 - 2015-03-30 16:07 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
2015-04-02 20:42 - 2015-04-02 20:42 - 00011264 _____ () C:\Users\Peter\AppData\Local\Temp\nsc7F3F.tmp\System.dll
2015-04-02 20:42 - 2015-04-02 20:42 - 00117248 _____ () C:\Users\Peter\AppData\Local\Temp\nsc7F3F.tmp\IpConfig.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:28BF1793
AlternateDataStreams: C:\ProgramData\Temp:4BE698E6
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-352679200-3127755243-3059090552-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: wbsvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Content Manager Assistant for PlayStation®.lnk => C:\Windows\pss\Content Manager Assistant for PlayStation®.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BrowserWatch => "C:\Program Files (x86)\StompSoft\Digital File Shredder Pro\BrowserWatchControl.exe"
MSCONFIG\startupreg: CLMLServer for HP TouchSmart => "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: CTCheck => C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe
MSCONFIG\startupreg: CTSyncU.exe => "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: DpAgent => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
MSCONFIG\startupreg: DVDAgent => "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
MSCONFIG\startupreg: DW6 => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: EEventManager => C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: EKAiO2StatusMonitor => C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe
MSCONFIG\startupreg: EKStatusMonitor => C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.EXE
MSCONFIG\startupreg: EPSON NX110 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBA.EXE /FU "C:\Windows\TEMP\E_S2658.tmp" /EF "HKCU"
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpWirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Mal Updater 2 => C:\Program Files (x86)\Mal Updater 2\MalUpdater.exe
MSCONFIG\startupreg: Migo PC Backup Pro Tray Control => "C:\Program Files (x86)\Migo\PC Backup Pro\NbkCtrl.exe"
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: QlbCtrl.exe => "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
MSCONFIG\startupreg: SearchProtection => "C:\Users\Peter\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: SearchSettings => C:\Program Files (x86)\Dealio Toolbar\SearchSettings.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => %ProgramFiles%\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
MSCONFIG\startupreg: TSMAgent => "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
MSCONFIG\startupreg: TVAgent => "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDIRShortCut => "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-352679200-3127755243-3059090552-500 - Administrator - Disabled)
Guest (S-1-5-21-352679200-3127755243-3059090552-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-352679200-3127755243-3059090552-1006 - Limited - Enabled)
Peter (S-1-5-21-352679200-3127755243-3059090552-1000 - Administrator - Enabled) => C:\Users\Peter
 
==================== Faulty Device Manager Devices =============
 
Name: hp LaserJet 4350
Description: hp LaserJet 4350
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 4000 Series
Description: HP LaserJet 4000 Series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP LaserJet P4015
Description: HP LaserJet P4015
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet 4700
Description: HP Color LaserJet 4700
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp color LaserJet 4600
Description: hp color LaserJet 4600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 8000 Series
Description: HP LaserJet 8000 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet P2055dn
Description: HP LaserJet P2055dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet M1522nf MFP
Description: HP LaserJet M1522nf MFP
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 8150 Series
Description: HP LaserJet 8150 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet CP2025n
Description: HP Color LaserJet CP2025n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet P3005
Description: HP LaserJet P3005
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 3055
Description: HP LaserJet 3055
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: designjet 5500ps (Q1252A)
Description: designjet 5500ps (Q1252A)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Color LaserJet 3600
Description: HP Color LaserJet 3600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp LaserJet 9040
Description: hp LaserJet 9040
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet CP3525
Description: HP Color LaserJet CP3525
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet P2055x
Description: HP LaserJet P2055x
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 5000 Series
Description: HP LaserJet 5000 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet P2015 Series
Description: HP LaserJet P2015 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet 3600
Description: HP Color LaserJet 3600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 8150 Series
Description: HP LaserJet 8150 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp LaserJet 1320 series
Description: hp LaserJet 1320 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP LaserJet 4100 Series
Description: HP LaserJet 4100 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp LaserJet 9040
Description: hp LaserJet 9040
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP LaserJet 8150 Series
Description: HP LaserJet 8150 Series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: hp LaserJet 9050
Description: hp LaserJet 9050
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: DesignJet 1055CM (C6075A)
Description: DesignJet 1055CM (C6075A)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP LaserJet 8150 Series
Description: HP LaserJet 8150 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 8100 Series
Description: HP LaserJet 8100 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet M1522nf MFP
Description: HP LaserJet M1522nf MFP
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp color LaserJet 4600
Description: hp color LaserJet 4600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp LaserJet 9040
Description: hp LaserJet 9040
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 8150 Series
Description: HP LaserJet 8150 Series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: hp color LaserJet 5550
Description: hp color LaserJet 5550
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp color LaserJet 4600
Description: hp color LaserJet 4600
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP LaserJet 8150 Series
Description: HP LaserJet 8150 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet 3600
Description: HP Color LaserJet 3600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 8150 Series
Description: HP LaserJet 8150 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp LaserJet 9040
Description: hp LaserJet 9040
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP LaserJet P2015 Series
Description: HP LaserJet P2015 Series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: hp LaserJet 4300
Description: hp LaserJet 4300
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 8150 Series
Description: HP LaserJet 8150 Series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: hp color LaserJet 4600
Description: hp color LaserJet 4600
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/02/2015 08:09:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.41.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 4b4
 
Start Time: 01d06daa1210d4c1
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
 
Report Id:
 
Error: (04/02/2015 07:29:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/02/2015 00:53:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/01/2015 11:59:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/01/2015 11:22:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/01/2015 11:06:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/01/2015 09:35:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/01/2015 08:31:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/01/2015 07:43:47 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" ; Description = Revo Uninstaller's restore point - Reg Pro Cleaner version 2.0; Error = 0x81000101).
 
Error: (04/01/2015 07:00:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (04/02/2015 07:29:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
hpdskflt
 
Error: (04/02/2015 07:29:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cobian Backup 10 Volume Shadow Copy service service failed to start due to the following error: 
%%2
 
Error: (04/02/2015 07:29:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Comcast AntiSpyware service failed to start due to the following error: 
%%2
 
Error: (04/02/2015 07:28:31 PM) (Source: hpdskflt) (EventID: 1001) (User: )
Description: 
 
Error: (04/02/2015 07:27:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (04/02/2015 07:27:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (04/02/2015 07:27:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (04/02/2015 07:27:15 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (04/02/2015 07:27:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (04/02/2015 07:27:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (04/02/2015 08:09:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.41.0.04b401d06daa1210d4c10C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
 
Error: (04/02/2015 07:29:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/02/2015 00:53:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/01/2015 11:59:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/01/2015 11:22:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/01/2015 11:06:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/01/2015 09:35:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/01/2015 08:31:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/01/2015 07:43:47 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" Revo Uninstaller's restore point - Reg Pro Cleaner version 2.00x81000101
 
Error: (04/01/2015 07:00:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-12-20 10:10:47.199
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-20 10:10:21.198
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-20 09:25:03.749
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-20 09:24:48.103
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-20 09:22:46.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-20 09:22:35.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-20 09:21:41.922
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-20 09:20:18.900
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-20 09:19:22.110
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-20 09:19:07.805
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU P7550 @ 2.26GHz
Percentage of memory in use: 43%
Total physical RAM: 4063.2 MB
Available physical RAM: 2283.4 MB
Total Pagefile: 8124.58 MB
Available Pagefile: 5955.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:455.9 GB) (Free:311.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:9.86 GB) (Free:1.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6F656A5A)
Partition 1: (Active) - (Size=455.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 




#2 nasdaq

nasdaq

  • Malware Response Team

Posted 03 April 2015 - 08:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

() C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F\jnss39A5.tmp
() C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F\nsyFEA3.tmpfs
(Useful Technology) C:\ProgramData\OuxBgjkmP\yoTdiCnIj.exe
( ) C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F\vnsi7F4F.tmp
(Useful Technology) C:\ProgramData\OuxBgjkmP\dat\ezlrfNEUjUN.exe
HKU\S-1-5-21-352679200-3127755243-3059090552-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
Toolbar: HKU\S-1-5-21-352679200-3127755243-3059090552-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-352679200-3127755243-3059090552-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Windows\system32\C2MP\npdivx32.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Extension: X-notifier - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0rwvj273.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-06-28]
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [${CHROME_KEY}] - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibar.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [amaoogghainfdedboehchobemomhkcka] - C:\ProgramData\Download and Sa\amaoogghainfdedboehchobemomhkcka.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
R2 setoxofi; C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F\jnss39A5.tmp [158720 2015-04-01] () [File not signed]
R2 yoTdiCnIj; C:\ProgramData\OuxBgjkmP\yoTdiCnIj.exe [2733536 2015-04-01] (Useful Technology)
R2 xepehoku; C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F\nsyFEA3.tmpfs [X]
U2 SBKUPNT; No ImagePath
C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F
C:\ProgramData\OuxBgjkmP
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0rwvj273.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
C:\Users\Peter\AppData\Local\Temp\i4jdel0.exe
AlternateDataStreams: C:\ProgramData\Temp:28BF1793
AlternateDataStreams: C:\ProgramData\Temp:4BE698E6
AlternateDataStreams: C:\ProgramData\Temp:5C321E34

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#3 Elegance

Elegance
  • Topic Starter

  • Members

Posted 03 April 2015 - 03:20 PM

Thank you very much.  Looks like the problem is gone.  Is there any more cleanup I should do?
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Peter at 2015-04-03 15:03:53 Run:2
Running from C:\Users\Peter\Downloads
Loaded Profiles: Peter (Available profiles: Peter)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
() C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F\jnss39A5.tmp
() C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F\nsyFEA3.tmpfs
(Useful Technology) C:\ProgramData\OuxBgjkmP\yoTdiCnIj.exe
( ) C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F\vnsi7F4F.tmp
(Useful Technology) C:\ProgramData\OuxBgjkmP\dat\ezlrfNEUjUN.exe
HKU\S-1-5-21-352679200-3127755243-3059090552-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
Toolbar: HKU\S-1-5-21-352679200-3127755243-3059090552-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-352679200-3127755243-3059090552-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Windows\system32\C2MP\npdivx32.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Extension: X-notifier - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0rwvj273.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-06-28]
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [${CHROME_KEY}] - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibar.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [amaoogghainfdedboehchobemomhkcka] - C:\ProgramData\Download and Sa\amaoogghainfdedboehchobemomhkcka.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
R2 setoxofi; C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F\jnss39A5.tmp [158720 2015-04-01] () [File not signed]
R2 yoTdiCnIj; C:\ProgramData\OuxBgjkmP\yoTdiCnIj.exe [2733536 2015-04-01] (Useful Technology)
R2 xepehoku; C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F\nsyFEA3.tmpfs [X]
U2 SBKUPNT; No ImagePath
C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F
C:\ProgramData\OuxBgjkmP
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0rwvj273.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
C:\Users\Peter\AppData\Local\Temp\i4jdel0.exe
AlternateDataStreams: C:\ProgramData\Temp:28BF1793
AlternateDataStreams: C:\ProgramData\Temp:4BE698E6
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
 
End
*****************
 
Processes closed successfully.
[2268] C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F\jnss39A5.tmp => Process closed successfully.
C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F\nsyFEA3.tmpfs => No running process found
[2528] C:\ProgramData\OuxBgjkmP\yoTdiCnIj.exe => Process closed successfully.
C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F\vnsi7F4F.tmp => No running process found
C:\ProgramData\OuxBgjkmP\dat\ezlrfNEUjUN.exe => No running process found
"HKU\S-1-5-21-352679200-3127755243-3059090552-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key deleted successfully.
HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => Key not found. 
HKU\S-1-5-21-352679200-3127755243-3059090552-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found. 
HKU\S-1-5-21-352679200-3127755243-3059090552-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found. 
"HKCR\PROTOCOLS\Handler\dssrequest" => Key deleted successfully.
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found. 
"HKCR\PROTOCOLS\Handler\sacore" => Key deleted successfully.
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found. 
"HKCR\PROTOCOLS\Filter\application/x-mfe-ipt" => Key deleted successfully.
HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => Key deleted successfully.
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0rwvj273.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi => Moved successfully.
C:\Program Files (x86)\McAfee\SiteAdvisor not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\${CHROME_KEY}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\amaoogghainfdedboehchobemomhkcka" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => Key deleted successfully.
setoxofi => Service deleted successfully.
yoTdiCnIj => Service deleted successfully.
xepehoku => Service not found.
SBKUPNT => Service deleted successfully.
C:\Users\Peter\AppData\Roaming\39464E43-1427935684-5932-5139-00238BF34F2F => Moved successfully.
C:\ProgramData\OuxBgjkmP => Moved successfully.
"C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0rwvj273.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi" => File/Directory not found.
C:\Users\Peter\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\ProgramData\Temp => ":28BF1793" ADS removed successfully.
C:\ProgramData\Temp => ":4BE698E6" ADS removed successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 15:03:59 ====


#4 nasdaq

  • Malware Response Team

Posted 04 April 2015 - 07:03 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 nasdaq

  • Malware Response Team

Posted 09 April 2015 - 08:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



